Cisco Wireless :: 5508 To Join With 2 WISM As Backup
Jun 20, 2012
I have a facility, where all the access points almost 250 of them are connected to two WisM's (One in each core switch ) . They are running in 6.0.199 firmware . These two WisM's are managed by WCS , which is running 6.0.188.
As i need to add more access points and to make fully redundant , 5500 controller was ordered and it has with firmware 7.0 installed. Couple of queries related with it .
1. Can 5500 be added in the WLC group, so that existing Access Points can be configured to use primary controller as 5500 and secondary / tertiary controller as WISM ?
2. Will 5500 be able to be detected by WCS , as the version of 5500 is 7.0 and WCS version is 6.0.188 ?
3. As WCS was already deployed and live, is it possible to upgrade, if the client has support contract like SUSA ?
I have a cisco 5508 WLC and 40 cisco 360021 APs.I configured the WLC and assign the management interface IP and also configured a DHCP pool on my Cisco 4507 core switch wit option 43.But the problem that the APs connot join the WLC.
A customer runs a 5508 WLC for quit a while. several dozens AP's are spread all over Europe an run just fine. All the AP's have a VPN based connection over an MPLS service provider, so we are using 10.x.x.x addresses only. We have upgraded to release 7.2.111.3 to support OEAP 600 and we have configured NAT in the Firewall as well a policy to support the home office AP. Everything works fine until the switch where the WLC was attached to crushed. From this moment on, all internal AP's ar no longer able to register at the WLC. A log at the console port on an AP shows that it tries to access the external (NAT) IP address. We had to remove the NAT flag to support the internal AP's.
I have a 3502i(AP_1) that will not join a 5508 WLC(WLC_1)(code 7.2.103). The 3502i(AP_1) will join 4402 WLC(WLC_2)(Code 7.0.230). I have another 3502i(AP_2) that will join the WLC_1 & WLC_2. I am using capwap discover through DNS and hard coding the primiary WLC to AP_1 & AP_2. When I debug capwap events and errors, I see the static capwap messages and replies. Both of the WLC are on the same subnet. I have defauted the AP_1 and it joins the CISCO-CAPWAP-CONTROLLER as expected. When I change the Primiary WLC to WLC_1 it goes back to the CISCO-CAPWAP-CONTROLLER. If i change the primiary WLC to WLC_2 it joins. If I change the primiary back to WLC_1 it joins WLC_2 even though it is not a secondary. I know the previous joined WLC are stored in NVRAM, so that might be why it is doing that. I can join other ap to WLC_1 just not this one.
I just have a brand new Aironet 1552E , just took it out of the box and connect to the same subnet with a WLC 5508 v7.2 fully config and working However, it could not join the WLC 5508.
We have bought autonomous APs AIR-AP1141N-E-K9 and converted them to the lightweight mode, but they cannot join the WLC 5508. The errors are below. There were NO problems with the LAPs that were bought before, together with the
WLC.AP's IP: 172.22.90.27 IOS version 12.4 WLC's IP: 172.22.90.20 IOS version 6.0.188.0 logs from the AP: Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255) *Oct 13 21:37:06.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY *Oct 13 21:37:06.045: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY *Oct 13 21:37:06.046: bsnInitRcbSlot: slot 1 has NO radio [Code] .....
The time is set to the WLC with the NTP. Don't lookup at the time the logs were made - they were made not during the same day/time
I have an (AIR-LAP1310G-E-K9R) and I tried to join it to WLC 5508 but I'm facing an error, I get this error from the LAP 1310 console as below:
Compiled Mon 17-Jul-06 11:45 by alnguyen *Mar 1 00:00:05.289: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up *Mar 1 00:00:06.289: %LINEPROTO-5-UPDOWN: Line protocol on Interface
My APs 1142N don't join their WLC. APs and WLC management interface are in the same vlan (WLC can ping all the APs). It is strange because it doesn't seem like they are trying to contact the WLC. What's strange is that I have other AP 1142N which joined this WLC without any problem.
(Cisco Controller) >show sysinfo Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller
I have problems with an AP AIR-CAP1552C-E-K9 (MAC: 2c:36:f8:73:e8:a0 )this AP cannot join to WLC 5508 software version 7.2.110.0.The AP ever gets associated to WLC.
I saw timeout messages and this error message:
%CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5656 Did not receive heartbeat reply; AP: 2c:36:f8:73:e8:a0
I don´t see any connectivity issues between the AP and WLC thorugh HFC network.One time the AP join to WLC and I saw this messages in debug CAPWAP:
*spamApTask1: Nov 27 09:01:06.316: 2c:36:f8:73:e8:a0 Change State Event Response sent to 10.64.128.165:16012 *spamApTask1: Nov 27 09:01:06.316: 2c:36:f8:73:e8:a0 CAPWAP State: Run *spamApTask1: Nov 27 09:01:06.316: 2c:36:f8:73:e8:a0 Sending the remaining config to AP 10.64.128.165:16012
*Mar 1 01:28:21.018: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY *Mar 1 01:28:21.022: %LWAPP-3-CLIENTERRORLOG: bsnSetCurrentBHRate : fail to set radio control and data rate
*Mar 1 01:28:21.179: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (00 00.0000.0000) *Mar 1 01:28:21.984: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth ernet0, changed state to up *Mar 1 01:28:34.341: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne d DHCP address 192.168.10.244, mask 255.255.255.0, hostname AP2c54.2d0d.c3c4
I have a WLC 5508, AIR-LAP1142N APs and a SSID for students to connect to who bring their own device. I am still testing this and it has not been rolled out but I am running into some serious issues with joining the network. I am authenticating them through a RADIUS server (2008 R2). Problem: many of them cannot connect because they are lacking the certificate.
1. What is a good setup for authentication in a BYOD environment
2. If my setup is good what can I do to allow kids to use their computers on the wireless either without the certificate (which I know is unlikely) or what do I need to have them do to connect. I am hoping it does not involve hard wiring and getting the certificate from the server.
My customer has a 4402-25-K9 and need a backup (failover) controller to avoid data transmision break when primary controller goes down.4402 are end of sale so I have a question can I use 5508 to get Controller Failover Protection with 4402 ?
Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface? Refer to WLC configuration Guide:
In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Note Do not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
I just turned on 2 Wirelless LAN Controllers 5508 and I am getting this message on both of them:
Loading primary image (Image not found)
** Unable to read "linux.pri.img" from ide 0:2 **
Loading backup image (Image not found)
** Unable to read "linux.bak.img" from ide 0:2 **
And it is taking me to the BootMenu. I selected option 4 to Clear Configuration and the controller seems to restart the system but I still get the same error. I checked the LEDs status and Sys is Amber and Alarm is OFF which according to the documentation is a System Crash.
I have two 5508 WLC's setup to run about 200 AP's as the moment. This is a hospital with patient care now running over wireless. I am looking for the best scenario to minimize down time. Currently both controllers are in the same mobility group and I will be setting the primary / secondary controller in the High Availability tab for each AP. Most setting are all default still.
My question: Would it better to setup the primary/secondary from the global configuration? Can I leave them in the same mobility group if I use the global configuration?
My only problem so far is having AP's on different controllers caused some response delay as clients move from one controller to the other. I need to find the best possible response time with the lowest possible fail-over time. Any recommondeations or links to a good article on this subject?
On a WLC 5508 it lists an option to specify a "Backup Port" under the physical information section on an interface. We have two central switched SSID's which are connected to an internal firewall. We are looking at installing a backup/standby firewall and running a virtual firewall between them. Each SSID would have an additional patch from the WLC to the standby firewall.
Does the backup interface port function on the WLC allow traffic to be failed over from a centrally switched SSID via backup interfaces to an alternative device? If this does work will only physical link failure to the primary firewall cause the backup port to be activated or is there configuration parameters which can be specified for load, packet loss or latency which can be used as criteria to cause the backup port to be utilized?
I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS. It was not seamless to say the least and I wonder if I have just gone about it the wrong way.
Have have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night 23:00 - interestingly though I have no idea where this is stored on the NCS platform ( a VM appliance ) or what it's file name is.
Anyway my experiences where as follows:- 1. defaulted WLC and via serial CLI ended up at the configuration wizard. 2. Set the correct LAG, management IP, host name that NCS knew this controller by. 3. To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ).
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.
First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process. After adding this to the controller I could push the configuration to the controller.
Second problem - failed to add the first WLAN from the backup as I have added the temporary dummy W LAN via the wizard and NCS reported a conflict. So had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.
Third problem - for some reason did not add the TACACS server details - reported the error that it could not added them. I manually added these via a template via NCS and all was well.
Fourth problem - all but the first WLAN was in the disabled state - had to re-enable all of the WLANs.
Fifth problem - any default items I had disabled or removed have not been saved - therefore I have removed the public and private SNMP communities - but these were still on the WLC after the restore. I have disabled unused ports not in the LAG as they show an error in NCS - these where not disabled after the restore.
So all in all not a very satisfactory restore process from NCS to an defaulted WLC ( meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure ).
I dont think my cards are faulty (4 cards in 2 6500 switches),I connect directly to my WISM cards, boot them (insert them), I see it turning on, enabling services, and as soon as the "username:" prompt apears, the Status led turns off and I lose console. [code]
We have Cisco WiSM modules on our 6500 switch. I tried to register a 1142 access point to the WiSM. Is there any difference in the way an AP registers and appears on the WiSM as compared to the Wireless Lan controller?
I could see the AP get an ip from dhcp pool ( configured on the switch ) and Ap was visible on the cdp neighbor of switch.
However, i could not locate the new AP on the WiSM module. Do i need to add MAC address to the WiSM as same as WLC.
WiSM WLAN Service Module WS-SVC-WISM-1-K9 in 6509e running VSS IOs s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin having trouble to get the IP from service-vlan DHCP.The pertinent config is as follows.
! vlan 300 name WiSM_Service_Vlan !interface Vlan300 description *** WiSM Service-Vlan ip address 192.168.200.1 255.255.255.0
[code]....
The service IP is supposed to have been populated with an address from the dhcp pool. I am also unable to connect to it by doing a session switch 1 slot 4 processor 1. I get the following upon attempting to do so:
HO2NET0001##session switch 1 slot 4 proc 1
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 0.0.0.0 ...
I am getting an alarm on WCS where a one controller is down, unreachable from WCS, while the other one is reachable on the same WiSM module. Upon investigation, Status of controller is shown as "Oper-Up" for all controllers on Supervisory engine. Hardware platform is Cisco 6509-E.
WLAN Slot Controller Service IP Management IP SW Version Status ----+-----------+----------------+----------------+-----------+--------------- 2 1 192.167.10.11 172.19.47.65 6.0.196.0 Oper-Up 2 2 192.167.10.12 172.19.47.66 6.0.196.0 Oper-Up
However, I can not ping the managment interface of the down controller while the other controller management interface is pingable. All these interfaces are in the same VLAN.
ping 172.19.47.65 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.19.47.65, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
Problem is fixed when I reboot the problematic Controller. However, this problem re-appears after some time. I am not able to figure out why controller is not able to ping its default-gateway which is an SVI interface on Supervisory card on the same chassis, and showing status UP/UP. Is it a software bug or backplane fault or any other reason ?
We have a WISM in a 6509. The 6509 lost power (the UPS failed) and upon reboot the WISM isn't allowing AP's to connect. The WISM is blade 4. Upon consoling in, I get this error message for all 8 ports: 42w6d: %EC-SP-5-CANNOT_BUNDLE2: Gi4/1 is not compatible with Po407 and will be suspended (trunk mode of Gi4/1 is dynamic, Po407 is trunk)
I have a WiSM installed in WS-6504E, vesion 6.0.182. It can't function normally after upgrading to version7.0.220.When it was unstable, I found three strange condition 1. A lot of log looks like this*osapiReaper: Mar 10 14:53:39.282: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/1059/stat.(erno 24)*osapiReaper: Mar 10 14:53:39.282: %OSAPI-3-TASK_GETTIME_FAILED: osapi_task.c:3431 Failed to retrieve statistics (/proc/<pid>/stats) for task 'fmcHsTask'2. Internal Temperature was showed "sensor failed"3. CPU User load is Zero?
The Samsung SCH-i569 Wi-Fi can't work at the LAP1131G with WiSM. It can associate to AP and get the ip address but about one minutes ago it had deauthentication and the phone's Wi-Fi status will show scanning. The phone can work at the Autonoumous mode or other 3rd party Fat AP.
Setting up a multi floor WLAN using a 6500 WISM Controller. Each floor has an AP group with the floor WAPs assigned. Each floor has a VLAN and the WLC has an interface configured. Each floor has a WLAN configured with the same SSID and the only change is the interface on the WLAN per floor.DHCP is remote on AD servers and each floor as a scope configured.Each floor works fine - we can get connected and get assigned to correct IP address. The issue we had with this setup was moving between floors. When we move up a floor the client loses connection to the inital floor (coverage - as expected). if we disconnect and reconnect it connects to the new floor SSID and gets an IP from DHCP.When looking into this - I then created an interface group and added all the floor interfaces into the group. I then applied the interface group to each floor WLAN and did soem testing - it worked as expected. I could now move between floors.The issue with this is though. When I was testing I already had an IP address assigned from DHCP - before I changed to interface groups. The issue is that the intial DHCP assignment no longer works and we cant connect to the WLAN anymore,
